Re: [EXTERNAL] Re: [edk2-devel] [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative


Bret Barkelew <bret.barkelew@...>
 

Kevin,

Agreed and we were sensitive to that in our codebase as well. Surface and other consumers had drivers expecting VarLock and we didn’t want to have to rewrite them all (at least not immediately).

If you take a look at the MuVarPolicyFoundationDxe driver in the extras branch…
It contains a number of features that we considered fundamental for building complex constructions, but we’re (strictly speaking) a core part of the Variable Policy infrastructure.
One of those features is installing a VarLock interface that leverages Variable Policy.

https://github.com/corthon/edk2/tree/personal/brbarkel/var_policy_rfc_extra/MsCorePkg/MuVarPolicyFoundationDxe

Is that something you think you could work with (renamed, of course 😉)?

- Bret

From: Kevin D Davis <kevin.davis@insyde.com>
Sent: Tuesday, February 4, 2020 3:31 PM
To: devel@edk2.groups.io; Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: rfc@edk2.groups.io
Subject: [EXTERNAL] Re: [edk2-devel] [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative

Bret,

We like the new functionality.

Our concern is our customers / we will need to modify all of the code that are consumers of EDKII_VARIABLE_LOCK_PROTOCOL to use the new protocols. If you could review that issue we would be 100% happy.

Of course, that’s not always appropriate and we understand.

Kevin D Davis
Insyde Software


On Feb 4, 2020, at 2:07 AM, Bret Barkelew via Groups.Io <bret.barkelew=microsoft.com@groups.io> wrote:

Expanding the audience beyond the RFC list….
If no one has additional input, I’ll try to start formatting these as patches later this week. Thanks!

- Bret

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Tuesday, January 28, 2020 5:36 PM
To: rfc@edk2.groups.io
Subject: [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative

All,

VariablePolicy is our proposal for an expanded “VarLock-like” interface to constrain and govern platform variables.
I brought this up back in May to get initial comments on the interface and implications of the interface and the approach. We implemented it in Mu over the summer and it is not our de facto variable solution. It plugs in easily to the existing variable infrastructure, but does want to control some of the things that are currently managed by VarLock.

There are also some tweaks that would be needed if this were desired to be 100% optional code, but that’s no different than the current VarLock implementation which has implementation code directly tied to some of the common variable code.

I’ve structured this RFC in two pieces:

* The Core piece represents the minimum changes needed to implement Variable Policy and integrate it into Variable Services. It contains core driver code, central libraries and headers, and DXE driver for the protocol interface.
* The Extras piece contains recommended code for a full-feature implementation including a replacement for the VarLock protocol that enables existing code to continue functioning as-is. It also contains unit and integration tests. And as a bonus, it has a Rust implementation of the core business logic for Variable Policy.

The code can be found in the following two branches:
https://github.com/corthon/edk2/tree/personal/brbarkel/var_policy_rfc_core
https://github.com/corthon/edk2/tree/personal/brbarkel/var_policy_rfc_extra

A convenient way to see all the changes in one place is to look at a comparison:
https://github.com/corthon/edk2/compare/master...corthon:personal/brbarkel/var_policy_rfc_core
https://github.com/corthon/edk2/compare/personal/brbarkel/var_policy_rfc_core...corthon:personal/brbarkel/var_policy_rfc_extra

There’s additional documentation in the PPT and DOC files in the core branch:
https://github.com/corthon/edk2/blob/personal/brbarkel/var_policy_rfc_core/RFC%20VariablePolicy%20Proposal%20Presentation.pptx
https://github.com/corthon/edk2/blob/personal/brbarkel/var_policy_rfc_core/RFC%20VariablePolicy%20Whitepaper.docx
(You’d need to download those to view.)

My ultimate intention for this is to submit it as a series of patches for acceptance into EDK2 as a replacement for VarLock. For now, I’m just looking for initial feedback on any broad changes that might be needed to get this into shape for more detailed code review on the devel list.

Thanks!

- Bret
